This weekend, a few owners of blogs published to custom domains are reporting problems viewing their blogs.
We are seeing various reports, such as unhappily reporting
In many cases, the blog in question uses GoDaddy hosted DNS, and a specific set of GoDaddy servers, to provide domain addresses to the blog readers.
If we use a WhoIs Log, we can see the defining factor in this problem.
The domain in question does not have an expired registration, and it is live other wise. This domain is using "ns63.domaincontrol.com" and "ns64.domaincontrol.com" for DNS - and one or both of those servers appear to be subject to a DDOS attack by unknown parties.
I'll note here that not all domains hosted by GoDaddy are affected by the attack. If you're reading this article (I hope that you are reading this article), you should know that "nitecruzr.net" is also a GoDaddy hosted domain - "nitecruzr.net" just uses a different set of DNS servers.
A Distributed Denial Of Service ("DDOS") attack involves massive amounts of garbage traffic, from multiple computers all over the world - possibly from various members of a botnet - attacking specific networks or servers. GoDaddy Network Technicians, detecting the attack, are restricting access to the specific servers that are under attack. Instead of shutting down those servers completely, they are surgically isolating the attacking computers by IP address - and are blocking only those specific computers (and their immediate neighbours, including the blog owners observing the problems) from access to the specific servers under attack.
By blocking only small portions of the Internet from access, and only from access to "ns63.domaincontrol.com" and "ns64.domaincontrol.com", GoDaddy is continuing service to the majority of their customers - and to some portion of the readers of the blogs affected by the attack. This is why the domains affected can be viewed by various proxy servers and (some, not all) readers. A few proxy servers may, like a few blog owners and readers, be blocked - but many will not be blocked.
People who use proxy servers, along with many normal readers of the blogs affected by the attack, will like the readers of other blogs using GoDaddy hosted DNS, be unaware that there is any problem. Eventually, the attack will end, and life will go back to normal.
(Update 2011/03/27 06:00 PDT): We're seeing a few comments in the rollup discussion that indicates that GoDaddy is successfully repelling the attack. That does not mean that the attack is over, necessarily - but it does show that there is hope, for some of the blog owners.
>> Top
We are seeing various reports, such as unhappily reporting
I can't view my blog!If we view the blog ourselves, or maybe if the blog owner uses one or more proxy servers to view the blog, the blog will be seen with no problem. Apparently the blog is actually online, regardless of the original observation.
Now what?
In many cases, the blog in question uses GoDaddy hosted DNS, and a specific set of GoDaddy servers, to provide domain addresses to the blog readers.
If we use a WhoIs Log, we can see the defining factor in this problem.
http://who.is/whois/mydomain.com/
REGISTRY WHOIS FOR MYDOMAIN.COM
Domain Name: mydomain.com
Registrar: GODADDY.COM, INC.
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Status: clientDeleteProhibited, clientRenewProhibited, clientTransferProhibited, clientUpdateProhibited
Expiration Date: 2012-03-15
Creation Date: 2011-03-15
Last Update Date: 2011-03-15
Name Servers:
ns63.domaincontrol.com
ns64.domaincontrol.com
The domain in question does not have an expired registration, and it is live other wise. This domain is using "ns63.domaincontrol.com" and "ns64.domaincontrol.com" for DNS - and one or both of those servers appear to be subject to a DDOS attack by unknown parties.
I'll note here that not all domains hosted by GoDaddy are affected by the attack. If you're reading this article (I hope that you are reading this article), you should know that "nitecruzr.net" is also a GoDaddy hosted domain - "nitecruzr.net" just uses a different set of DNS servers.
http://who.is/whois/nitecruzr.net/
REGISTRY WHOIS FOR NITECRUZR.NET
Domain Name: nitecruzr.net
Registrar: GODADDY.COM, INC.
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Status: clientDeleteProhibited, clientRenewProhibited, clientTransferProhibited, clientUpdateProhibited
Expiration Date: 2012-03-24
Creation Date: 2008-03-24
Last Update Date: 2010-03-23
Name Servers:
ns11.domaincontrol.com
ns12.domaincontrol.com
ns53.domaincontrol.com
ns54.domaincontrol.com
A Distributed Denial Of Service ("DDOS") attack involves massive amounts of garbage traffic, from multiple computers all over the world - possibly from various members of a botnet - attacking specific networks or servers. GoDaddy Network Technicians, detecting the attack, are restricting access to the specific servers that are under attack. Instead of shutting down those servers completely, they are surgically isolating the attacking computers by IP address - and are blocking only those specific computers (and their immediate neighbours, including the blog owners observing the problems) from access to the specific servers under attack.
By blocking only small portions of the Internet from access, and only from access to "ns63.domaincontrol.com" and "ns64.domaincontrol.com", GoDaddy is continuing service to the majority of their customers - and to some portion of the readers of the blogs affected by the attack. This is why the domains affected can be viewed by various proxy servers and (some, not all) readers. A few proxy servers may, like a few blog owners and readers, be blocked - but many will not be blocked.
People who use proxy servers, along with many normal readers of the blogs affected by the attack, will like the readers of other blogs using GoDaddy hosted DNS, be unaware that there is any problem. Eventually, the attack will end, and life will go back to normal.
(Update 2011/03/27 06:00 PDT): We're seeing a few comments in the rollup discussion that indicates that GoDaddy is successfully repelling the attack. That does not mean that the attack is over, necessarily - but it does show that there is hope, for some of the blog owners.
>> Top
Comments
Thanks for all the information that you've conveyed to us. I would have been banging my head on my keyboard all day yesterday if there wasn't anyone to tell us what was happening. =)